The update to version 57.0.2987.133 contained fixes for five vulnerabilities, one marked “Critical” — the most serious rating in Google’s system — and the others tagged “High.”
Of the four vulnerabilities ranked High, one was attributed to “Team Sniper,” one of five groups from Chinese company Tencent Security that participated in this year’s edition of Pwn2Own, one of the world’s best-known hacking contests. Pwn2Own ran March 15-17 alongside the CanSecWest conference in Vancouver, British Columbia.
Team Sniper took aim at Chrome on the first day of the challenge, hoping to grab the $80,000 prize for hacking Google’s browser. But the Chinese researchers fell short. “Unfortunately, they could not get their exploit chain working within the allotted timeframe, resulting in a failure,” said TippingPoint, a division of Trend Micro and Pwn2Own’s sponsor, at the end of Day 1.
No other individual researcher or team of hackers attempted to crack Chrome at Pwn2Own. Several successful attacks were conducted against other browsers during the contest, however, including five that compromised Microsoft’s Edge, four that broke Apple’s Safari and one which hijacked Mozilla’s Firefox.
Mozilla patched the Firefox flaw just a day after the vulnerability was exploited at Pwn2Own.